Opened 8 years ago
Closed 8 years ago
#2034 closed enhancement (fixed)
New permission for annotating items
Reported by: | Nicklas Nordborg | Owned by: | Nicklas Nordborg |
---|---|---|---|
Priority: | major | Milestone: | BASE 3.10 |
Component: | core | Version: | |
Keywords: | Cc: |
Description (last modified by )
Currently WRITE permission is required on an item to be able to modify any properties and annotations. It would be nice to be able to separate the editing of regular properties from editing annotations. Introducing a new permission level, ANNOTATE, might be a possible solution. The new permission should sit between READ and WRITE (USE is already here but they should be independent).
A user with ANNOTATE permission would then be able to modify annotations but not regular properties. It would also be possible to control which annotations the user can modify and which should be read-only by setting permissions on the annotation type (requires that #2033 is fixed so that the annotation type permission is checked).
After thinking a bit about this I think we should be able to re-use the existing RESTRICTED_WRITE permission. It is a hidden permission that is only used for User items so that a user may change some parts of their own data (such as password, email, etc) but not quota, group or role membership (which require full WRITE permission).
The RESTRICTED_WRITE permission currently implies USE permission but it should be safe to remove that connection since it is not used on user items.
Change History (11)
comment:1 by , 8 years ago
Description: | modified (diff) |
---|---|
Owner: | changed from | to
Status: | new → assigned |
comment:2 by , 8 years ago
comment:3 by , 8 years ago
(In [7212]) References #2034: New permission for annotating items
The "Share" dialog has been updated with "Annotate" permission. The option is only displayed if sharing items that are annotatable.
We need to modify the Item
definitions for all annotatable item types so that the "Permissions" property on the "Properties" tab include the "Annotate" permission. This information is generated by the PermissionUtil
class.
comment:4 by , 8 years ago
(In [7213]) References #2034: New permission for annotating items
The "Edit annotation" icon in the "Annotations & parameters" tab should be enabled when the logged in user has RESTRICTED_WRITE permission.
The "Save" button in the "Edit annotations" dialog should be enabled if the logged in user has RESTRICTED_WRITE permission.
comment:5 by , 8 years ago
comment:6 by , 8 years ago
comment:7 by , 8 years ago
comment:8 by , 8 years ago
comment:9 by , 8 years ago
comment:10 by , 8 years ago
comment:11 by , 8 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
(In [7211]) References #2034: New permission for annotating items
Decoupled the USE and RESTRICTED_WRITE permission from each other. To avoid unexpected problems with the User item, USE permission is explicitely added.
The
AnnotationSet
now checks for RESTRICTED_WRITE permission instead of WRITE permission on the parent item. This should be enough for allowing a user to handle annotations on the item.